BUUCTF reverse:新年快乐

1.查壳
BUUCTF reverse:新年快乐_第1张图片UPX壳
32位文件
脱壳,网上找脱壳机,当然也可以手动脱壳
2.IDA分析
找到main函数,F5反编译
BUUCTF reverse:新年快乐_第2张图片

int __cdecl main(int argc, const char **argv, const char **envp)
{
  int result; // eax
  char v4; // [esp+12h] [ebp-3Ah]
  __int16 v5; // [esp+20h] [ebp-2Ch]
  __int16 v6; // [esp+22h] [ebp-2Ah]

  sub_401910();
  strcpy(&v4, "HappyNewYear!");
  v5 = 0;
  memset(&v6, 0, 0x1Eu);
  printf("please input the true flag:");
  scanf("%s", &v5);
  if ( !strncmp((const char *)&v5, &v4, strlen(&v4)) )
    result = puts("this is true flag!");
  else
    result = puts("wrong!");
  return result;
}

3.分析代码

strcpy(&v4, "HappyNewYear!");

这一行代码使v4=‘HappyNewYear!’

scanf("%s", &v5);
  if ( !strncmp((const char *)&v5, &v4, strlen(&v4)) )

输入v5后,与v4比较,如果相同,则输出“this is true flag!”
所以flag为

flag{HappyNewYear!}

你可能感兴趣的:(CTF)